#!/usr/bin/python
from subprocess import Popen, PIPE
from sys import argv, exit
#Quickly adapted from cipher-check.py; NMA Oct 14, 2014

color = { "tls1" : "\033[95m", "ssl2" : "\033[1;91m", "ssl3" : "\033[91m", 
    "matrix": "\033[92m", "norm" : "\033[0m" }
resp = { "ssl2": "", "ssl3": "", "tls1": "" }

if len(argv) < 2:
    print "Usage: %s [hostname|ip] {port (default: 443)}"
    exit(0)
else: hosts = argv[1].split(" ")
if len(argv) < 3:
    port = "443"
else: port = argv[2]
methods = ["ssl2", "ssl3"]
for host in hosts:
    print "[+] Testing %s:%s for CBC/Ciphers using SSLv2/3:" % (host, port),
    for v in methods:
    	ciphers = Popen(["openssl", "ciphers", "-%s" % v],  stdout=PIPE).communicate()[0].rstrip().split(":")
    	for c in ciphers:
    		if "CBC" in c:
    			results = Popen(["openssl", "s_client", "-" + v, "-cipher", c, "-connect", "%s:%s" % (host,port)],
    		  		stdin=PIPE, stderr=PIPE, stdout=PIPE)
    			results.stdin.write("\r\n\r\n")
    			rc = results.communicate()[0]
    			if "New" in rc:
    				if not "(NONE)" in rc:
    					resp[v] += "%s:%s " % (v,c)
    					break
    if resp[v]:
    	print "%sVULNERABLE%s" % (color[v], color["norm"])
    else:
    	print "%sSECURE%s"% (color["matrix"], color["norm"])
